Legal claims defining the scope of protection, as filed with the USPTO.
1. A system, comprising: a trusted network; an untrusted network; on-board equipment on-board a movable object; off-board equipment comprising wayside equipment, central equipment, and station equipment, the off-board equipment being communicatively coupled with the trusted network; one or more first security devices on-board the movable object and communicatively connecting the on-board equipment and the untrusted network; and a security device bank communicatively connecting the trusted network and the untrusted network, the security device bank comprising: a common bus or a local network; and one or more second security devices connected to the common bus or the local network, wherein each second security device of the one or more second security devices is configured to establish a predefined quantity of communication tunnels through the untrusted network between the security device bank and the one or more first security devices, the communication tunnels are in compliance with an Internet Engineering Task Force (IETF®) Internet Protocol Security (IPsec) standard, the security device bank is configured to be scalable to increase a communication capacity of the security device bank by adding one or more additional second security devices to the security device bank, the one or more additional security devices being connected to the common bus or the local network, the one or more second security devices included in the security device bank are verified components of the system, the one or more second security devices are configured to cause the one or more additional second security devices to be the verified components of the system based on the one or more additional second security devices being connected to the common bus or the local network, all of the off-board equipment is communicatively coupled with the untrusted network through only the security device bank, and all of the off-board equipment is communicatively coupled with one another through the trusted network independent of the security device bank.
2. The system of claim 1, wherein at least one of the communication tunnels established by the one or more second security devices is a virtual private network (VPN) tunnel through the untrusted network.
3. The system of claim 1, wherein the communication tunnels established by the one or more second security devices comprise multiple VPN tunnels through the untrusted network.
4. The system of claim 1, wherein the security device bank is a first security device bank, and the system further comprises a second security device bank communicatively connecting the trusted network and the untrusted network, wherein the communication tunnels established by the one or more second security devices of the first security device bank comprise at least one VPN tunnel communicatively connecting the first security bank with the one or more first security devices through the untrusted network, and the second security device bank and the one or more first security devices are configured to establish a separate VPN tunnel communicatively connecting the second security bank with the one or more first security devices through the untrusted network.
5. The system of claim 1, wherein the communication tunnels established by the one or more second security devices are VPN tunnels.
6. The system of claim 1, further comprising stationary equipment communicatively connected to the trusted network, wherein the trusted network is configured to establish communication between the stationary equipment and the security device bank by static routing and keep-alive polling.
7. The system of claim 1, wherein the one or more second security devices are configured to share communication information with one another inside the security device bank to cause the one or more additional security devices to be the verified components of the system.
8. The system of claim 7, wherein the communication information comprises security policy information propagated to the one or more second security devices included in the security device bank and one or more additional second security devices added to the security device bank via the common bus or the local network.
9. The system of claim 1, wherein a first one of the one or more second security devices is configured to redirect (1) data traffic on the first one of the one or more second security devices, or (2) a request to establish a VPN tunnel by the first one of the one or more second security devices, to a second one of the one or more second security devices.
10. The system of claim 1, wherein the security device bank further comprises a stand-alone controller configured to redirect (1) data traffic on a first one of the one or more second security devices, or (2) a request to establish a VPN tunnel by the first one of the one or more second security devices, to a second one of the one or more second security devices.
11. The system of claim 1, wherein the one or more additional second security devices are verified components of the system based only on the inclusion of the one or more additional second security devices in the security device bank.
12. The system of claim 1, wherein a quantity of the additional second security devices is based on a quantity of wayside equipment included in the off-board equipment.
13. A security device bank configured to connect a trusted network and an untrusted network, the security device bank comprising: a common bus or a local network; and one or more off-board security devices connected to the common bus or the local network, wherein each off-board security device of the one or more off-board security devices is configured to establish a predefined quantity of communication tunnels through the untrusted network between the security device bank and one or more on-board security devices aboard a movable vehicle, the communication tunnels are in compliance with an Internet Engineering Task Force (IETF®) Internet Protocol Security (IPsec) standard, the security device bank is configured to be scalable to increase a communication capacity of the security device bank by adding one or more additional off-board security devices to the security device bank, the one or more additional off-board security devices being connected to the common bus or the local network, the one or more off-board security devices included in the security device bank are verified components of a vehicle control system, the one or more off-board security devices are configured to cause the one or more additional off-board security devices to be the verified components of the vehicle control system based on the one or more additional off-board security devices being connected to the common bus or the local network, the vehicle control system comprises off-board equipment comprising wayside equipment, central equipment, and station equipment, the off-board equipment is communicatively coupled with the trusted network to communicate with one another through the trusted network independent of the security device bank, and the security device bank is configured to communicatively couple all of the off-board equipment with the untrusted network through only the security device bank.
14. The security device bank of claim 13, wherein at least one of the communication tunnels established by the one or more off-board security devices is a virtual private network (VPN) tunnel through the untrusted network.
15. The security device bank of claim 13, wherein the communication tunnels established by the one or more off-board security devices are VPN tunnels.
16. The security device bank of claim 13, wherein a first one of the one or more off-board security devices is configured to send communication information to a second one of the one or more off-board security devices and to the one or more additional off-board security devices via the common bus or the local network.
17. The security device bank of claim 16, wherein the communication information comprises security policy information.
18. The security device bank of claim 13, wherein a first one of the one or more off-board security devices is configured to redirect (1) data traffic on the first one of the one or more off-board security devices, or (2) a request to establish a VPN tunnel by the first one of the one or more off-board security devices, to a second one of the one or more off-board security devices.
19. The security device bank of claim 13, further comprising a stand-alone controller configured to redirect (1) data traffic on a first one of the one or more off-board security devices, or (2) a request to establish a VPN tunnel by the first one of the one or more off-board security devices, to a second one of the one or more off-board security devices.
20. A method comprising: communicating a data packet from a first device to a security device bank through a trusted network, wherein the security device bank comprises one or more security devices, the first device is one device of a plurality of devices included in an off-board equipment network comprising wayside equipment, central equipment, and station equipment, and the plurality of devices of the off-board equipment network are communicatively coupled with one another through the trusted network; selecting, by the security device bank, one of the one or more of security devices of the security device bank based on predetermined workload allocation or a measured workload of the one or more of security devices of the security device bank; transmitting the data packet to a second device through an untrusted network by using a virtual private network (VPN) tunnel, wherein a predefined quantity of VPN tunnels are established by the selected one of the one or more of security devices of the security device bank in compliance with an Internet Engineering Task Force (IETF®) Internet Protocol Security (IPsec) standard, wherein the second device is one device of a plurality of devices included in an on-board equipment aboard a movable vehicle, increasing a communication capacity of the security device bank by physically adding one or more additional security devices to the security device bank, increasing a total quantity of VPN tunnels capable of being established by the security devices included in the security device bank; propagating a security policy establishing the security devices included in the security device bank as verified components of a vehicle control system to the one or more additional security devices; and verifying the one or more additional security devices based on the inclusion of the one or more additional security devices in the security device bank, wherein all of the off-board equipment is communicatively coupled with the untrusted network through only the security device bank, and all of the off-board equipment is communicatively coupled with one another through the trusted network independent of the security device bank.
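The method of claim 20, worked through as an added illustrative model (not the patent's or any vendor's implementation): a bank of off-board security devices, each with a predefined tunnel quota, that keeps traffic for an on-board peer on the device already holding its tunnel, sends new tunnel requests to the least-loaded device with spare capacity, refuses when every device is full, and on scaling propagates the bank's security policy to the added device and marks it verified by inclusion. The class names, the policy keys and the peer names are assumptions chosen for the example.

```python
# Added illustrative model (not the patent's implementation): a scalable bank of
# off-board security devices terminating IPsec/VPN tunnels to on-board peers.
from __future__ import annotations
from dataclasses import dataclass, field

@dataclass
class SecurityDevice:
    name: str
    tunnel_capacity: int                        # predefined quantity of tunnels
    tunnels: set = field(default_factory=set)   # on-board peers with a tunnel
    policy: dict = field(default_factory=dict)  # security policy from the bank
    verified: bool = False                      # verified component of the system

    @property
    def load(self) -> int:
        return len(self.tunnels)

class SecurityDeviceBank:
    def __init__(self, policy: dict):
        self.policy = dict(policy)              # bank-wide security policy
        self.devices: list[SecurityDevice] = []

    def add_device(self, device: SecurityDevice) -> None:
        # Connecting a device to the common bus propagates the policy and
        # makes it a verified component by inclusion in the bank.
        device.policy = dict(self.policy)
        device.verified = True
        self.devices.append(device)

    def total_tunnel_capacity(self) -> int:
        return sum(d.tunnel_capacity for d in self.devices)

    def select_device(self, onboard_peer: str) -> SecurityDevice | None:
        # Traffic for a peer with an existing tunnel stays on that device;
        # a new tunnel request goes to the least-loaded verified device with
        # spare capacity, i.e. it is redirected away from a full device.
        for d in self.devices:
            if d.verified and onboard_peer in d.tunnels:
                return d
        free = [d for d in self.devices if d.verified and d.load < d.tunnel_capacity]
        return min(free, key=lambda d: d.load) if free else None

    def send(self, offboard_src: str, onboard_dst: str) -> str:
        # Returns the name of the device whose tunnel carried the packet.
        dev = self.select_device(onboard_dst)
        if dev is None:
            raise RuntimeError(f"bank at capacity: {offboard_src}->{onboard_dst}")
        dev.tunnels.add(onboard_dst)            # establish the tunnel if needed
        return dev.name
```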
October 20, 2015